Commit 33eae33423d224e10a3a9aeefd70d632d70b20fe
Exists in master and in 4 other branches
Merge branch 'full-post-to-oss-security' of /home/git/repositories/gitlab/gitlabhq
Showing 1 changed file with 2 additions and 2 deletions
doc/release/security.md
... | ... | @@ -26,10 +26,10 @@ Please report suspected security vulnerabilities in private to support@gitlab.co |
26 | 26 | 1. Send out an email to the subscribers mailing list on MailChimp |
27 | 27 | 1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq) |
28 | 28 | 1. Send out an email to [the GitLab newsletter list](http://gitlab.us5.list-manage.com/subscribe?u=498dccd07cf3e9482bee33ba4&id=98a9a4992c) |
29 | -1. Post a signed copy of our announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number | |
29 | +1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number | |
30 | 30 | 1. Add the security researcher to the [Security Researcher Acknowledgments list](http://www.gitlab.com/vulnerability-acknowledgements/) |
31 | 31 | 1. Thank the security researcher in an email for their cooperation |
32 | -1. Update the blogposts when we receive the CVE number | |
32 | +1. Update the blogpost and the CHANGELOG when we receive the CVE number | |
33 | 33 | |
34 | 34 | The timing of the code merge into master should be coordinated in advance. |
35 | 35 | After the merge we strive to publish the announcements within 60 minutes. | ... | ... |
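Review bot: In the new step 29, "complete announcement" does not say what completeness means, so the person doing the release can still satisfy it with a summary or a link. Consider stating it directly, for example "Post the full text of our signed announcement (not a link or summary)", so that list readers can verify the signature over the same content that was published elsewhere. In the new step 32, "blogposts" became the singular "blogpost"; if more than one post is published per release, the plural should stay. The same step now requires a CHANGELOG edit once the CVE number arrives, which by the wording of step 29 and the 60 minute publication target below happens after the merge to master, so it would help to say that this is a follow-up commit and who is responsible for it. The step also leaves the already-sent oss-security post and mailing list emails without the CVE number; a short follow-up reply on the oss-security thread could be added to the list.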